CVE-2026-15547

Summary

A weakness has been identified in Shibby Tomato up to 1.28.0000. This affects the function sub_2D048 of the component CIFS Mount Handler. Executing a manipulation of the argument cifs1/cifs2 can lead to os command injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. This project is superseded by FreshTomato.

Affected Software

VendorProductVersion RangeStatus
ShibbyTomato1.0affected
ShibbyTomato1.1affected
ShibbyTomato1.2affected
ShibbyTomato1.3affected
ShibbyTomato1.4affected
ShibbyTomato1.5affected
ShibbyTomato1.6affected
ShibbyTomato1.7affected
ShibbyTomato1.8affected
ShibbyTomato1.9affected
ShibbyTomato1.10affected
ShibbyTomato1.11affected
ShibbyTomato1.12affected
ShibbyTomato1.13affected
ShibbyTomato1.14affected
ShibbyTomato1.15affected
ShibbyTomato1.16affected
ShibbyTomato1.17affected
ShibbyTomato1.18affected
ShibbyTomato1.19affected
ShibbyTomato1.20affected
ShibbyTomato1.21affected
ShibbyTomato1.22affected
ShibbyTomato1.23affected
ShibbyTomato1.24affected
ShibbyTomato1.25affected
ShibbyTomato1.26affected
ShibbyTomato1.27affected
ShibbyTomato1.28.0000affected

Weaknesses

  • CWE-78: OS Command Injection
  • CWE-77: Command Injection

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References